ISO 27001:2022 Standard

ISO 27001 Audit Application
Information Security

Digitize your ISMS audits. Annex A controls, risk assessment, compliance - professional audit report.

Free 7-Day Trial

Control Domains

Organizational

Policies, roles, segregation, authority contacts.

People

Recruitment, training, awareness, contract termination.

Physical

Perimeters, access, equipment, media.

Technological

Authentication, cryptography, development.

Access

Identity management, rights, reviews.

Monitoring

Logging, detection, audit trail.

Features

Annex A Checklist

93 pre-configured controls from the 2022 version.

Deviations

Non-conformity classification, corrective actions.

Scoring

Maturity assessment by domain.

Evidence

Documentation screenshots, photos.

Offline Mode

Audit without a connection.

PDF Report

Audit report with action plan.

Frequently Asked Questions

What are the 4 categories of Annex A controls in ISO 27001:2022?
The 2022 version restructures the 114 controls into 93 controls organized into 4 themes: organizational (37), people (8), physical (14), technological (34). New controls include: threat intelligence, cloud security, web filtering, and secure coding.

What is the difference between ISO 27001 and ISO 27002?
ISO 27001 is the certifiable standard that defines the requirements for an ISMS (Information Security Management System). ISO 27002 is a best practice guide that details the implementation of Annex A controls. Certification audits are conducted against ISO 27001, not 27002.

How long does ISO 27001 certification take?
On average, 12 to 18 months for a mid-sized organization. The steps include: gap analysis, scope definition, risk assessment, control implementation, internal audit, management review, then a two-stage certification audit. The certification cycle is 3 years with annual surveillance.

How do you conduct an ISO 27001 risk assessment?
The standard requires (clause 6.1.2) that you identify risks related to the loss of confidentiality, integrity, and availability of information assets, assess likelihood and consequences, determine the risk level, and apply a treatment plan (accept, transfer, avoid, mitigate). Common methods include EBIOS RM, MEHARI, and ISO 27005.

What are the most common weaknesses found in ISO 27001 audits?
Poorly defined ISMS scope, incomplete asset inventory, outdated risk assessment, insufficient access management (access rights reviews not conducted), untested business continuity plan, and inadequate event logging/security monitoring.
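The risk assessment steps described above (identify, assess likelihood and consequences, determine the level, record a treatment) carried through on a small risk register, as an added example that is not the application's code. The 1..5 scales, the acceptance threshold of 8, the low/medium/high bands and the sample register entries are all constructed assumptions; clause 6.1.2 leaves the criteria to the organisation.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed for this example: 1..5 scales and a risk appetite of 8.
# Clause 6.1.2 requires the organisation to define its own criteria.
SCALE = range(1, 6)
ACCEPTANCE_THRESHOLD = 8          # hypothetical: level <= 8 is within appetite
TREATMENT_OPTIONS = {"accept", "transfer", "avoid", "mitigate"}


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    likelihood: int       # 1 (rare) .. 5 (almost certain)
    confidentiality: int  # consequence of losing each property, 1 (minor) .. 5 (severe)
    integrity: int
    availability: int

    def __post_init__(self):
        for name in ("likelihood", "confidentiality", "integrity", "availability"):
            if getattr(self, name) not in SCALE:
                raise ValueError(f"{name} must be in 1..5")

    def consequence(self) -> int:
        # The worst affected property drives the consequence score.
        return max(self.confidentiality, self.integrity, self.availability)

    def level(self) -> int:
        return self.likelihood * self.consequence()


@dataclass(frozen=True)
class Treatment:
    option: str               # accept / transfer / avoid / mitigate
    residual_likelihood: int  # values expected once the treatment is in place
    residual_consequence: int

    def residual_level(self) -> int:
        return self.residual_likelihood * self.residual_consequence


def band(level: int) -> str:
    # Hypothetical three-band matrix on the 1..25 product.
    if level <= 8:
        return "low"
    if level <= 15:
        return "medium"
    return "high"


def plan(risk: Risk, treatment: Optional[Treatment] = None,
         threshold: int = ACCEPTANCE_THRESHOLD) -> dict:
    """One register row: inherent level, chosen option, residual level, status."""
    inherent = risk.level()
    row = {"asset": risk.asset, "threat": risk.threat,
           "inherent": inherent, "band": band(inherent)}
    if treatment is None:
        # No decision recorded: accept by default only when within appetite.
        within = inherent <= threshold
        row.update(option="accept" if within else None, residual=inherent,
                   status="within appetite" if within else "treatment required")
        return row
    if treatment.option not in TREATMENT_OPTIONS:
        raise ValueError(f"unknown treatment option {treatment.option!r}")
    residual = treatment.residual_level()
    if treatment.option == "accept" and inherent > threshold:
        status = "accepted above appetite: needs management sign-off"
    elif residual <= threshold:
        status = "within appetite"
    else:
        status = "residual above appetite: treatment insufficient"
    row.update(option=treatment.option, residual=residual, status=status)
    return row


def treatment_plan(register) -> list:
    """Rows still needing action first, highest inherent risk on top."""
    rows = [plan(risk, treatment) for risk, treatment in register]
    return sorted(rows, key=lambda r: (r["status"] == "within appetite", -r["inherent"]))


# Constructed sample register: (asset, threat, L, C, I, A) with any recorded decision.
SAMPLE_REGISTER = [
    (Risk("HR database", "credential theft via phishing", 4, 5, 3, 2),
     Treatment("mitigate", 2, 5)),          # MFA lowers likelihood, consequence unchanged
    (Risk("Public website", "volumetric DDoS", 3, 1, 1, 4),
     Treatment("transfer", 3, 2)),          # upstream scrubbing service absorbs the impact
    (Risk("Office printer", "paper jam", 5, 1, 1, 1), None),
    (Risk("Legacy FTP server", "unpatched service exploited", 4, 4, 4, 3), None),
]

if __name__ == "__main__":
    for row in treatment_plan(SAMPLE_REGISTER):
        print(f"{row['inherent']:>2} {row['band']:<6} {row['asset']:<18} "
              f"{row['option'] or '-':<9} residual={row['residual']:<2} {row['status']}")
```

The residual check is the part auditors look for: a treatment that is recorded but leaves the residual level above the acceptance criteria (the HR database row) is flagged as insufficient rather than closed, and a risk above appetite with no decision at all is listed as requiring treatment instead of silently defaulting to "accept".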

Digitize Your ISO 27001 Audits

Free 7-day trial.

Start Free Trial